<?php
require_once("inc.admin.php");

$this_title="$vars[title] &raquo; ".__("Profile");
$page_title=__("Profile");

$td_width=180;

$r_admin=mysql_fetch_assoc($r=mysql_query("select * from $db->admin where id='$aid'"));

//#####CHANGE DETAIL POST#####
if($_POST["__req"]){
 if(strlen($post_s["_password"]) || strlen($post_s["password2"])){
  $edata="_password";
 }
 $edata.=($edata? "," : "")."_email";
 $edata=explode(",", $edata);
 foreach($edata as $field){
  $data[$field]=$post_s[$field];
 }
 $errmsg=verify_form_data("admin", $data);
 if(!$errmsg){
  if(!$post_s["password"]){
   $errmsg.=replace_tag(__("'<%field%>' is a required field."), array("<%field%>"=>__("Current Password")))."<br />\n";
  }else{
   $db_pass=explode(":", $r_admin["enc_password"]);
   if(md5($post_s["password"].$db_pass[1])!=$db_pass[0]){
    $errmsg.=__("You have entered an invalid Current Password.")."<br />\n";
   }
  }
  if(strlen($post_s["_password"])){
   if(!strlen($post_s["password2"])){
    $errmsg.=replace_tag(__("'<%field%>' is a required field."), array("<%field%>"=>__("Confirm Password")))."<br />\n";
   }elseif($post_s["password2"]!=$post_s["_password"]){
    $errmsg.=__("Your entered passwords did not match.")."<br />\n";
   }
  }
  if(!verify_email($post_s["_email"])){
   $errmsg.=__("You have entered an invalid email.")."<br />\n";
  }
 }

 //#####UPDATE TO DB#####
 if(!$errmsg){
  if(strlen($post_s["_password"])){
   $salt = generate_random_code(32);
   $enc_password = md5($post_s["_password"].$salt).":".$salt;
   $afvq="password='$post_d[_password]', enc_password='$enc_password', ";
  }
  $sql="update $db->admin set $afvq email='$post_d[_email]' where id='$aid' limit 1";
  if(!mysql_query($sql)){
   $errmsg.=__("We have encountered some error and the update process has been failed.").($vars["debug"]? "<br />\n<br />\nSQL: $sql<br />\n<br />\nError: ".mysql_error() : "")."<br />\n";
  }

  if(!$errmsg){
   $msg=format_msg(__("You have successfully updated your account details.").(strlen($post_s["_password"])? " ".
   __("You will need to re-login to your account.")." ".__("Please click on the below button to login.") : ""));
   $login_button=(strlen($post_s["_password"])? "<br />\n<br />\n<br />\n
   <p class='center'><input type='button' value=\"".__("Login")."\" onclick=\"window.location='".$vars["file"]["admin"]["logout"]."';\" /></p>" : "");
   if(strlen($post_s["_password"])){
    print format_admin_page("<h2>$page_title</h2>".$msg.$login_button, $this_title);
    exit();
   }
  }
 }

 $errmsg=$errmsg? format_err($errmsg) : "";
}

$form_fields=array("_email"=>$r_admin["email"],"password"=>"","_password"=>"","password2"=>"");
foreach($form_fields as $field => $default){
 $dis[$field]=!$_POST["req"]? $default : $post_h[$field];
}

$profile=($errmsg || $msg?
"$errmsg $msg" : "")."
<form name='profile_form' method='post' action='$this_file'>
<input type='hidden' name='__req' value='1' />
<table class='amt_table'>
 <tr>
  <td width='$td_width'>Email: *</td>
  <td><input type='text' name='_email' value=\"$dis[_email]\" $inputbox_style /></td>    
 </tr>
 <tr>
  <td>New Password:</td>
  <td><input type='password' name='_password' value=\"$dis[_password]\" $inputbox_style /><br />\n
      Leave this field blank if you do not wish to change your password.</td>
 </tr>
 <tr>
  <td>Confirm Password:</td>
  <td><input type='password' name='password2' value=\"$dis[password2]\" $inputbox_style /></td>
 </tr>
 <tr>
  <td>Current Password:</td>
  <td><input type='password' name='password' value=\"$dis[password]\" $inputbox_style /><br />\n
      Please provide your existing password for verification.</td>
 </tr>
 <tr>
  <td colspan='2' class='center' style='padding:20px 0 20px 0;'>
   <input type='submit' value=\"".__("Update")."\" />
  </td>
 </tr>
</table>";

$content=
"<h2>$page_title</h2>
$profile";

print format_admin_page($content, $this_title);
?>